Scan Policies Analysis
StackHawk provides API endpoints for managing application scan policies.
Scan Policies define which vulnerability checks, or "plugins", are run when testing a web application with HawkScan.
StackHawk and Application Scan Policies
There are two kinds of scan policies:
- StackHawk Scan Policies: predefined named policies that contain a subset of preconfigured plugins. These are identified by name, and include a DEFAULT policy that defines the default plugins used when running HawkScan unconfigured.
- Application Scan Policies: customized scan policies that have been created to correspond to a StackHawk application. These scan policies include an applicationId that refers to the corresponding StackHawk application.
Get details of StackHawk scan policies
You can view all the StackHawk scan policies with the All scan policies endpoint.
# input the auth token
AUTH_JWT=<AUTH_JWT>
# request all StackHawk policies (double quotes so the shell expands $AUTH_JWT)
curl --request GET \
  --url https://api.stackhawk.com/api/v1/policy/all \
  --header 'accept: application/json' \
  --header "authorization: Bearer $AUTH_JWT"
You can get the specific details of a named StackHawk scan policy with the Get StackHawk scan policy endpoint.
# input the auth token and policy name
AUTH_JWT=<AUTH_JWT>
SCAN_POLICY_NAME=DEFAULT
# request the named StackHawk policy (double quotes so the shell expands the variables)
curl --request GET \
  --url "https://api.stackhawk.com/api/v1/policy?policyName=$SCAN_POLICY_NAME" \
  --header 'accept: application/json' \
  --header "authorization: Bearer $AUTH_JWT"
Notice that plugins in the list are marked as enabled or disabled.
Assigning a StackHawk policy to an application
Assigning a StackHawk policy to an application sets the application's scan to use that predefined plugin list when scanning the application.
By default, new applications have a scan policy matching the DEFAULT policy.
With an Application ID you can get the currently assigned application scan policy.
# input the auth token and app id
AUTH_JWT=<AUTH_JWT>
APP_ID=<APP_ID>
# request the application's currently assigned scan policy (double quotes so the shell expands the variables)
curl --request GET \
  --url "https://api.stackhawk.com/api/v1/app/$APP_ID/policy" \
  --header 'accept: application/json' \
  --header "authorization: Bearer $AUTH_JWT"
You can modify it with the update scan policy endpoint, which assigns a named StackHawk policy to the application and so configures the plugins used there.
# input the auth token, app id and scan policy name
AUTH_JWT=<AUTH_JWT>
APP_ID=<APP_ID>
SCAN_POLICY_NAME=DEFAULT
# assign the named StackHawk policy to the application (double quotes so the shell expands the variables)
curl --request PUT \
  --url "https://api.stackhawk.com/api/v1/app/$APP_ID/policy/assign?policyName=$SCAN_POLICY_NAME" \
  --header 'accept: application/json' \
  --header "authorization: Bearer $AUTH_JWT"
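As an added example (not StackHawk's own code) that ties together the "get application scan policy" and "get StackHawk scan policy" calls above: it fetches the policy assigned to an application and the named DEFAULT policy, then reports checks the reference enables that the application's policy will skip. The response shape (a plugins list with name and enabled fields), the application id and the sample responses are assumptions, not real API output.

```python
import json
import urllib.request

API = "https://api.stackhawk.com/api/v1"

def build_request(path, token, method="GET"):
    # Same headers the curl examples send; the bearer token is interpolated
    # here rather than left un-expanded inside single quotes.
    return urllib.request.Request(
        API + path, method=method,
        headers={"accept": "application/json",
                 "authorization": "Bearer " + token})

def fetch_json(req):
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def enabled_plugins(policy):
    # Assumed response shape: {"plugins": [{"name": ..., "enabled": bool}, ...]}
    return {p["name"] for p in policy.get("plugins", []) if p.get("enabled")}

def audit_app_policy(app_id, token, reference="DEFAULT", fetch=fetch_json):
    """Return plugins enabled in the reference StackHawk policy but not in the
    policy currently assigned to the application, i.e. checks that would be
    silently skipped. `fetch` is injectable so the logic can run offline."""
    app_policy = fetch(build_request(f"/app/{app_id}/policy", token))
    ref_policy = fetch(build_request(f"/policy?policyName={reference}", token))
    return sorted(enabled_plugins(ref_policy) - enabled_plugins(app_policy))

# Constructed sample responses for offline use; not real API output.
SAMPLE_RESPONSES = {
    "/policy?policyName=DEFAULT": {"policyName": "DEFAULT", "plugins": [
        {"name": "SQL Injection", "enabled": True},
        {"name": "Cross Site Scripting (Reflected)", "enabled": True},
        {"name": "Directory Browsing", "enabled": False}]},
    "/app/app-123/policy": {"applicationId": "app-123", "plugins": [
        {"name": "SQL Injection", "enabled": True},
        {"name": "Cross Site Scripting (Reflected)", "enabled": False},
        {"name": "Directory Browsing", "enabled": False}]},
}

def fake_fetch(req):
    # Serves the constructed samples keyed by the request's path and query.
    return SAMPLE_RESPONSES[req.full_url[len(API):]]

if __name__ == "__main__":
    print(audit_app_policy("app-123", "<AUTH_JWT>", fetch=fake_fetch))
```

Replace `fake_fetch` with the default `fetch_json` and a real token to run it against the API.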